Cybersecurity is considered one of the biggest threats to the
world economy, but according to Australian researchers at State of Play, it will take a catastrophic event for it to be taken
seriously in the mining industry.

Through interviews, survey and deep analysis of Australia’s
largest mining and service companies, including BHP, Rio Tinto, South32, and
Anglo American, the report has uncovered that 98% of top-level executives expect
a catastrophic event is required to drive an industry response to cybersecurity
in mining.

State of Play Chairman
and Co-founder Graeme Stanway says the risk of cybersecurity failures in mining
could be severe.

“In an increasingly automated and interconnected
world, the risk of rogue systems and equipment is growing rapidly,” he says.

“If someone
hacks into a mining system, they can potentially take remote control of
operational equipment. That’s the level of risk that we are facing.”

Global Head of Cybersecurity at BHP, Thomas Leen, agrees
and says the mining industry is up against archaic processes when it comes to
evolving on the cybersecurity front.

“Mining as an industry has a low
level of cybersecurity maturity, mainly due to legacy environments that lack
basic capabilities,” he says.

AustCyber CEO Michelle Price believes public-private partnership
is the key to driving change in the way the mining industry approaches
cybersecurity.

“AustCyber has collaborated with METS Ignited and State of Play to
conduct this survey as we see the potential to improve cybersecurity across the
mining environment,” she says.

“There are several challenges specific to the mining sector as
documented in the Australian Cyber Security Industry Roadmap developed in
conjunction with CSIRO – such as operational technology, connected equipment
and sensors, availability of data, anomaly detection and the volatility of
markets,” she says.

“There are plenty of growth opportunities – especially when the
sector collaborates with organisations like AustCyber to have a coordinated
voice on the kind of support it needs to push forward cyber resilience.”

South32 head of cybersecurity Clayton Brazil sees this
collaboration as a strength of cybersecurity in the mining industry. “Cybersecurity
is incredibly collaborative in mining, we know it’s a critical industry for our
nation and we all want to be safer,” he says.

Brazil sees a strong cybersecurity capability as a strategic
opportunity for South32. “Done properly, cybersecurity can be a competitive
advantage for us,” he says.

METS Ignited CEO Adrian Beer says industry growth and
sustainability will come from collaboration and the implementation of
standards. “Mining operations are still made up of legacy closed systems that
have customised integrations between them,” he says.

“However, the modern technology vendor community is trying to
overcome these systems with new models, building collaboration and trust
between mining and the technology sector will create a secure sustainable
future.”

Beer also believes standards have a two-prong role to play. “There is clearly a need for both a strong set of standards to define what good looks like in terms of cybersecurity more broadly, and a set of industry standards to ensure that the specific needs are met to deliver those secure outcomes,” he says.

Xavier Evans

Xavier is the Research Lead for State of Play, conducting much of the research, analysis and writing for State of Play publications. Xavier has experience in advising organisations on strategy, business model design and innovation, particularly with mining and utilities sectors. An economist and political scientist by training, Xavier has worked with a range of organisations aiming to catalyse innovation in the resources industry.